From a75f707fcaaed5c9b26e0ddfc0e0529957a11a1d Mon Sep 17 00:00:00 2001
From: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>
Date: Fri, 21 Apr 2023 11:06:21 +0800
Subject: apps: silent warning when loading CSR files with vfyopt option

When verifying or signing a CSR file with the -vfyopt option,
a warning message similar to the following will appear:

  Warning: CSR self-signature does not match the contents

This happens especially when the SM2 algorithm is used and the
distid parameter is added. Pass the vfyopts parameter to the
do_X509_REQ_verify() function to eliminate the warning message.

Signed-off-by: Tianjia Zhang <tianjia.zhang@linux.alibaba.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20799)
---
 apps/cmp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'apps/cmp.c')

diff --git a/apps/cmp.c b/apps/cmp.c
index 84c5d89d7a..6cd3d7e7c0 100644
--- a/apps/cmp.c
+++ b/apps/cmp.c
@@ -1643,7 +1643,7 @@ static int setup_request_ctx(OSSL_CMP_CTX *ctx, ENGINE *engine)
         if (opt_cmd == CMP_GENM) {
             CMP_warn("-csr option is ignored for command 'genm'");
         } else {
-            csr = load_csr_autofmt(opt_csr, FORMAT_UNDEF, "PKCS#10 CSR");
+            csr = load_csr_autofmt(opt_csr, FORMAT_UNDEF, NULL, "PKCS#10 CSR");
             if (csr == NULL)
                 return 0;
             if (!OSSL_CMP_CTX_set1_p10CSR(ctx, csr))
-- 
cgit v1.2.3